Experience better results during iOS forensics in your digital investigations!

In this digital forensics webinar episode of ‘I Beg to DFIR’, we cover the ins and outs of iOS Biome and how you can leverage its additional streams of data to supercharge iOS forensics. Discover the information contained in these 130+ Biome streams and key strategies to maximize them.

Don’t miss out on more valuable insights! Register today to be informed of upcoming ‘I Beg to DFIR’ episodes.

In this episode, special guest Ian Whiffin, Decoding Product Manager for UFED at Cellebrite, will join us to highlight important new ways to leverage iOS Biome data for better results during iOS forensics in digital investigations.

He will cover the knowledgeC database, which was introduced in iOS 11 and has been a critical source of forensic data ever since.

The database contained information such as:

  • Application in Focus
  • Backlight Activity
  • LockState
  • Media Playing
  • Battery Level
  • Battery Temperature
  • WiFi Connections
  • And much more…

He will discuss iOS 15, where Apple introduced a few “biome” files that worked alongside knowledgeC. Biome got its name from the path where many of these files could be found:

/private/var/mobile/Library/Biome

Apple refers to each of the data types as Streams, as can also be seen in the file path:

/private/var/mobile/Library/Biome/Streams

Later he will explore iOS 16, where Apple committed heavily to the new format, opting to use Biome files in place of the knowledgeC database for lots of data. KnowledgeC still exists, but is a shadow of its former self.

The 130+ Biome Streams mentioned above further include:

  • Photo viewing information
  • Audio Routing
  • Airplane Mode
  • Bluetooth Connections
  • Siri usage
  • Message content
  • Web usage
  • Notifications
  • Media playing
  • Location data and more…

Watch the full episode to learn more ways to leverage Biome files/SEGB files to further your iOS forensics results during your digital investigations.
